In order to verify the data coming from the Google Safe Browsing API, you can calculate a Message Authentication Code (MAC) for each update. The instructions to do this (from Google) are:
The MAC is computed from an MD5 Digest over the following information: client_key|separator|table data|separator|client_key. The separator is the string :coolgoog: – that is a colon followed by ‘coolgoog’ followed by a colon. The resulting 128-bit MD5 digest is websafe base-64 encoded.
There’s also example data to check against:
client key: '8eirwN1kTwCzgWA2HxTaRQ=='
response:
[goog-black-hash 1.180 update][mac=dRalfTU+bXwUhlk0NCGJtQ==]
+8070465bdf3b9c6ad6a89c32e8162ef1
+86fa593a025714f89d6bc8c9c5a191ac
+bbbd7247731cbb7ec1b3a5814ed4bc9d
*Note that there are tabs at the end of each line.
I’m unable to get a match. Please either point out where I’m going wrong, or just write the couple of lines of Python code necessary to do this!
FWIW, I expected to be able to do something like this:
>>> s = '+8070465bdf3b9c6ad6a89c32e8162ef1\t\n+86fa593a025714f89d6bc8c9c5a191ac\t\n+bbbd7247731cbb7ec1b3a5814ed4bc9d\t'
>>> c = '8eirwN1kTwCzgWA2HxTaRQ=='
>>> hashlib.md5('%s%s%s%s%s' % (c, ':coolgoog:', s, ':coolgoog:', c)).digest().encode('base64')
'qfb50mxpHrS82yTofPkcEg==\n'
But as you can see, ‘qfb50mxpHrS82yTofPkcEg==\n’ != ‘dRalfTU+bXwUhlk0NCGJtQ==’.
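A way to narrow down a mismatch like this one, as an added Python 3 example that is not part of the original post: compute the MAC under each reading the quoted instructions leave open and compare against the published value in constant time. The readings tried (client key used as text or base64-decoded, last line with or without a trailing newline) and all function names are assumptions made for this sketch; the sample values are the ones quoted in the question.

```python
import base64
import hashlib
import hmac
from itertools import product

SEP = b":coolgoog:"
# Sample values copied from the question above.
CLIENT_KEY = "8eirwN1kTwCzgWA2HxTaRQ=="
EXPECTED_MAC = "dRalfTU+bXwUhlk0NCGJtQ=="
ENTRIES = [
    "+8070465bdf3b9c6ad6a89c32e8162ef1",
    "+86fa593a025714f89d6bc8c9c5a191ac",
    "+bbbd7247731cbb7ec1b3a5814ed4bc9d",
]

def compute_mac(key: bytes, table_data: bytes) -> str:
    """MD5 over key|sep|table data|sep|key, websafe base64 encoded."""
    digest = hashlib.md5(key + SEP + table_data + SEP + key).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii")

def same_mac(a: str, b: str) -> bool:
    """Constant-time compare after mapping websafe chars to standard base64."""
    norm = lambda m: m.strip().replace("-", "+").replace("_", "/").encode()
    return hmac.compare_digest(norm(a), norm(b))

def candidates():
    """Yield (label, mac) for each reading of the spec (all are assumptions)."""
    keys = {
        "key as text": CLIENT_KEY.encode("ascii"),
        "key base64-decoded": base64.urlsafe_b64decode(CLIENT_KEY),
    }
    bodies = {
        "no terminator on last line": "\t\n".join(ENTRIES) + "\t",
        "last line ends with newline": "".join(e + "\t\n" for e in ENTRIES),
    }
    for (kl, key), (bl, body) in product(keys.items(), bodies.items()):
        yield f"{kl}, {bl}", compute_mac(key, body.encode("ascii"))

def find_match(expected: str = EXPECTED_MAC):
    """Return the labels of the readings that reproduce the expected MAC."""
    return [label for label, mac in candidates() if same_mac(mac, expected)]

if __name__ == "__main__":
    for label, mac in candidates():
        print(f"{mac}  {label}")
    print("matches:", find_match() or "none of these readings")
```

The first reading ("key as text, no terminator on last line") is the computation from the interpreter session above; the sample MAC contains a `+`, which is why `same_mac` normalises both alphabets before comparing.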
1 Answer